[Ubuntu-PH] Prevent Local Privilege Escalation for Econet Kernel Exploit

hard wyrd hardwyrd at gmail.com
Wed Dec 8 14:56:30 UTC 2010


Hi All,

Linux kernel 2.6.37 and below with the Econet protocol compiled into the kernel is
susceptible to local privilege escalation attacks. All it takes is a local
shell user account (non-root), access to GCC, and executing the exploit code
to get full root privileges.

For users using most distros with kernels 2.6.37 and below, Michael Meissner
provided a temporary workaround by running the following:

echo 1 > /proc/sys/kernel/panic_on_oops

If the exploit code is run or something triggers the Econet exploit,
the kernel will panic instead of becoming exploitable.

The Econet problem was discovered by Nelson Elhage and was outlined
in CVE-2010-4258, CVE-2010-3849, and CVE-2010-3850. The exploit code I was
able to test out was provided by Dan Rosenberg and was verified to work on
Ubuntu 10.04.

Michael Meissner verified that openSUSE 11.2 and 11.3 do not have ECONET
compiled; openSUSE 11.1 has ECONET, but not the 0 ptr deref issue.

Hope this will help if you have VPSes, dedicated boxes, and local boxes.

Regards!


-- 
-------------------------------------------------------------
"Penguin, penguin, and more penguin !"

www.madforubuntu.com
baudizm.blogsome.com
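
Added example, not part of the original post: a small audit script that reports whether Econet support is present on a host and whether the panic_on_oops workaround described above is in effect. It assumes the module is named "econet", that the kernel build config is at /boot/config-<release> (as on Ubuntu) and uses the CONFIG_ECONET symbol; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are parameters so the
# checks can be pointed at a constructed tree as well as the live system.

# State of the workaround: "set", "unset" or "unknown".
panic_on_oops_state() {
    f="$1/sys/kernel/panic_on_oops"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        ''|*[!0-9]*) echo unknown ;;
        0)           echo unset ;;
        *)           echo set ;;
    esac
}

# Econet support: "loaded", "builtin", "module", "absent" or "unknown".
# $1 = proc root, $2 = kernel config file (assumed /boot/config-<release>).
econet_state() {
    if [ -r "$1/modules" ] && grep -q '^econet ' "$1/modules"; then
        echo loaded; return 0
    fi
    [ -r "$2" ] || { echo unknown; return 0; }
    if grep -q '^CONFIG_ECONET=y' "$2"; then echo builtin
    elif grep -q '^CONFIG_ECONET=m' "$2"; then echo module
    else echo absent
    fi
}

# Combine both checks into one verdict line.
assess() {
    oops=$(panic_on_oops_state "$1")
    econet=$(econet_state "$1" "$2")
    case "$econet" in
        absent)  echo "ok: econet=absent" ;;
        unknown) echo "review: econet=unknown panic_on_oops=$oops" ;;
        *)  # A =m build counts as present: it can still be loaded on demand.
            if [ "$oops" = set ]; then
                echo "mitigated: econet=$econet panic_on_oops=set"
            else
                echo "exposed: econet=$econet panic_on_oops=$oops"
            fi ;;
    esac
}

assess /proc "/boot/config-$(uname -r)"
```

The echo into /proc does not survive a reboot; adding "kernel.panic_on_oops = 1" to /etc/sysctl.conf keeps the setting across restarts.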